Exploit for IE 0-day flaw published, patch still unavailable
An Israeli hacker has created an exploit for the IE zero-day flaw that Microsoft warned about on Tuesday, and the code is already being inserted into the Metasploit Framework.
According to Ryan Naraine, it took only a rather revealing blog post on the McAfee Labs blog to set Moshe Ben Abu’s mind and fingers in motion.
Following their information that the attack originates from the domain topix21century.com, it took him just “a few minutes of digging in that host to find the exploit,” which he then proceeded to de-obfuscate and discover the vulnerability it takes advantage of.
Mitigation techniques have already been published within the pre-patch advisory, but since the exploit code has been made public and Metasploit’s people confirm it delivers in at least half of the cases, Microsoft will be under enormous pressure to issue a patch as soon as possible.